package com.sabm.controller;

import org.hibernate.annotations.Parameter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

import com.sabm.model.Account;
import com.sabm.service.DatabaseService;

@Controller
public class UserController {
	@Autowired
	private DatabaseService dbs;
	@Autowired
	private PasswordEncoder passwordEncoder;
	//
	@RequestMapping(value="/login", method=RequestMethod.GET)  
    public ModelAndView loginForm() {  
        return new ModelAndView("login");  
    }  
      
    @RequestMapping(value="/loginfailed", method=RequestMethod.GET)  
    public ModelAndView invalidLogin() {  
        ModelAndView modelAndView = new ModelAndView("login");  
        modelAndView.addObject("loginfailed", true);  
        return modelAndView;  
    }
    @RequestMapping(value="/accessDenied", method=RequestMethod.GET)  
    public ModelAndView accessDenied() {  
        ModelAndView modelAndView = new ModelAndView("accessDenied"); 
        Account account = (Account) SecurityContextHolder.getContext()
        		.getAuthentication().getPrincipal();
        modelAndView.addObject("username", account.getUsername());
        return modelAndView;  
    }
    @RequestMapping(value="/account", method=RequestMethod.GET)
    public ModelAndView accountSetting(){
    	ModelAndView modelAndView = new ModelAndView("account");
    	Account account = (Account) SecurityContextHolder.getContext()
        		.getAuthentication().getPrincipal();
        modelAndView.addObject("username", account.getUsername());
        return modelAndView;
    }
    @RequestMapping(value="/changePassword.do", method=RequestMethod.POST)
    public ModelAndView changePassword(@RequestParam(value = "newpassword", required = true) String newpassword, 
    		@RequestParam(value = "confnewpassword", required = true) String confnewpassword,
    		@RequestParam(value = "currentpassword", required = true) String currentpassword){
    	ModelAndView modelAndView = new ModelAndView("account");
    	Account account = (Account) SecurityContextHolder.getContext()
        		.getAuthentication().getPrincipal();
        modelAndView.addObject("username", account.getUsername());
        //
        //encrypt pass
        String encodedCurrentPassword = passwordEncoder.encodePassword(currentpassword, null);
      	//
      	//
        if(!encodedCurrentPassword.equals(account.getPassword())){
        	modelAndView.addObject("color", "red");
        	modelAndView.addObject("message", "Current Password is Incorrect!");
        	return modelAndView;
        }
        if(!newpassword.equals(confnewpassword)){
        	modelAndView.addObject("color", "red");
        	modelAndView.addObject("message", "Password does not match the confirm password!");
        	return modelAndView;
        }
        // change pass
        String encodedNewPassword = passwordEncoder.encodePassword(newpassword, null);
        account.setPassword(encodedNewPassword);
        try{
        	 dbs.updateAccount(account);
        	 modelAndView.addObject("color", "green");
 			 modelAndView.addObject("message", "Changed successfully!");
		}catch(Exception e){
			modelAndView.addObject("color", "red");
			modelAndView.addObject("message", "Error!");
		}
        //
        return modelAndView;
    }
    
}
